Federal authorities apprehended a 20-year-old U.S. Army soldier suspected of being the notorious cybercriminal known as Kiberphant0m. This individual has allegedly been involved in selling and leaking sensitive customer call records stolen earlier this year from telecommunications giants AT&T and Verizon. The accused, identified as Cameron John Wagenius, a communications specialist, was recently stationed in South Korea. He was arrested near the Army base in Fort Hood, Texas, on Dec. 20 after being indicted on two criminal counts of unlawfully transferring confidential phone records.
The charges against Wagenius are outlined in a two-page indictment, which does not specify the victims or the hacking activities involved. However, insights into his background were shared by Wagenius’ mother, Alicia Roen. She revealed that Wagenius had connections with another cybercriminal, Connor Riley Moucka, also known as “Judische,” who was apprehended in late October for data theft and extortion from multiple companies using the cloud service Snowflake.
In an interview with KrebsOnSecurity, Judische claimed to have outsourced selling stolen data to Kiberphant0m and other cybercriminals. Meanwhile, Kiberphant0m boasted on Telegram about hacking into multiple telecommunication firms, including AT&T and Verizon. These revelations came to light following a report by KrebsOnSecurity that traced Kiberphant0m’s identity to a U.S. Army soldier stationed in South Korea.
According to Roen, Wagenius worked on radio signals and network communications at a South Korean base for two years. She expressed shock upon learning about his alleged involvement in criminal hacking, emphasizing that she had no prior knowledge of this activity. His mother acknowledged his affinity for computers and mentioned that from a young age he had aspired to follow his older brother into the military.
Shortly after Moucka’s arrest, Kiberphant0m posted purported call logs of high-profile individuals, prompting concerns of potential data leaks. Subsequent posts on BreachForums mentioned threats to disclose government call logs if demands were not met. Kiberphant0m also claimed to possess sensitive data, including a “data schema” from the U.S. National Security Agency, raising cybersecurity concerns.
Wagenius’ social media profiles were swiftly altered following speculation linking him to Kiberphant0m. Notably, his Facebook page featured images of him in military uniform wielding various weapons. Previous reports indicated that Kiberphant0m maintained a botnet for DDoS attacks and sold access credentials for a U.S. defense contractor. The efforts of cybersecurity experts, including Allison Nixon from Unit 221B, aided in uncovering Kiberphant0m’s real identity amid threats and harassment from other cybercriminals.
Nixon emphasized the swift action taken by law enforcement in apprehending Kiberphant0m and issuing a cautionary message to cybercriminals in hiding. The case against Wagenius has been transferred to the U.S. District Court for the Western District of Washington in Seattle, signifying continued efforts to combat cybercrime. Overall, the apprehension of Wagenius sheds light on the growing collaboration between authorities and cybersecurity experts in tackling digital threats and ensuring online safety.